Thursday, 29 September 2016

I am very pleased to be co-author for the latest book in the System Center Configuration Manager Unleashed series (published by Sams). The book is titled "System Center Configuration Manager Current Branch Unleashed". The author list is:

Kerrie Meyler (MVP) (Co-author)

Greg Ramsey (MVP) (Co-author)

Kenneth van Surksum (MVP) (Co-author)

Michael Wiles (Dell) (Co-author)

Gerry Hampson (MVP) (Co-author)

Saud Al-Mishari (Microsoft) (Co-author)

Garth Jones (MVP) (Contributing author)

Byron Holt (MVP) (Contributing author)

The chapter list is as follows:

Configuration Management Basics

Configuration Manager Overview

Looking Inside Configuration Manager

Architecture Design Planning

Network Design

Installing System Center Configuration Manager

Migrating to System Center Configuration Manager

Using the Configuration Manager Console

Client Management

Managing Compliance

Creating and Managing Applications and Deployment Types

Creating and Managing Packages and Programs

Distributing and Deploying Applications and Packages

Managing Software Updates

Integrating Intune Hybrid into Your Configuration Manager Environment

Managing Mobile Devices

Conditional Access

Endpoint Protection

Configuration Manager Queries

Configuration Manager Reporting

Operating System Deployment

Security and Delegation in Configuration Manager

Backup, Recovery, and Maintenance

Writing a book can be a very time-consuming process. However I've submitted my four chapters ahead of schedule after several re-writes (Kerrie is a tough taskmaster). The chapters will then undergo technical and editorial reviews (probably more re-writes). The book is scheduled to be published in early 2017 and will be available on Amazon.Currently it is available for pre-order

Thursday, 1 September 2016

MAM without enrollment is a really cool way of protecting corporate data on BYOD devices. Some users simply do not want to enrol their devices in Intune so this gives us IT Pros an alternative management method.

MAM policies can be configured for apps in these scenarios:

On devices enrolled in Microsoft Intune: These devices are typically corporate owned devices.

On devices not enrolled in any mobile device management solution: These devices are typically employee owned devices that are not managed or enrolled in Intune or other MDM solutions.

I will walkthrough the solution and offer some real world tips along the way.Tip #1: MAM policies should not be used in conjunction with third party mobile app management or secure container solutions.Administrator configurationConfiguration of this solution is carried out in the Azure Portal

Give the policy a name and choose a platform. I'm choosing Android for now. Highlight Select Required Apps.

Choose the apps that you want to deploy a MAM policy to. Click Select to choose the apps.Notice that only Microsoft apps are currently available. So how do I allow my users to securely open email attachments - PDFs for example?

Tip #2: No special considerations are required for iOS. Outlook for iOS has an in-app viewer built in.Tip #3: The RMS Sharing App must be used for opening secure PDFs on Android devices.

Now highlight Configure required settings. There are a number of options to choose from. The default options are sufficient unless you specifically need to change a setting.

Tip #4: If you are familiar with Intune Mobile Application Management you will know that you must create a MAM policy and a Managed Browser policy. In MAM without enrolment they are integrated and there is no Managed Browser policy. There is one setting "Restrict web content to display in the Managed Browser".

Click OK to save your settings.

Click Create to create the policy.

Select App Policy again.

Highlight the policy that you have created.

Select User Groups.

Select Add Users Group to deploy the MAM policy.User experience (Android)Download and install the required apps from the Google Play store. Don't forget the RMS Sharing app as discussed above.

I got this error when I tried to open Outlook (now a protected MAM app)."Before you can use your work account with this app, you must install the free Intune Company Portal app. Tap "Go to store" to continue".

Tip #5: You must install the Company Portal app on an Android device in order to use MAM without enrolment (even though you will not be enrolling the device). This is not the case with iOS.

Click Go to store and install the Company portal app.No further action is required with this app.

Corporate data is now secured by MAM policy. Try it out.I hope this information was useful. Until next time......